/**
 * 	 DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *   @author Colin Redmond
 *   Copyright (C) 2011 Colin Redmond
 *
 *   Licensed under the Apache License, Version 2.0 (the "License");
 *   you may not use this file except in compliance with the License.
 *   You may obtain a copy of the License at
 *
 *       http://www.apache.org/licenses/LICENSE-2.0
 *
 *   Unless required by applicable law or agreed to in writing, software
 *   distributed under the License is distributed on an "AS IS" BASIS,
 *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *   See the License for the specific language governing permissions and
 *   limitations under the License.
 */

package com.cred.industries.platform.business.facade;

import java.sql.Connection;
import java.sql.SQLException;

import com.cred.industries.core.database.DBConnectionManager;
import com.cred.industries.core.exceptions.ApplicationException;
import com.cred.industries.core.transferObj.result.ReturnCodes;
import com.cred.industries.platform.business.objects.CustomerBO;
import com.cred.industries.platform.business.objects.ForgotPasswordBO;
import com.cred.industries.platform.dao.CustomerDAOFactory;
import com.cred.industries.platform.dao.ForgotPasswordDAOFactory;
import com.cred.industries.platform.dao.ICustomerDAO;
import com.cred.industries.platform.dao.IForgotPasswordDAO;

public class ForgotPasswordFacade {

	public String resetPassword(String emailAddress, boolean sendEmail) {
		
		CustomerFacade custF = new CustomerFacade();
		CustomerBO custBO = custF.getCustomerByEmail(emailAddress);
		
		//we could throw 404, but we don't want to let people know
		//that the email does or doesn't exist
		if(custBO == null)
			return "";
		
		IForgotPasswordDAO forgotPass = ForgotPasswordDAOFactory.create();
		ForgotPasswordBO forgotPassBO = new ForgotPasswordBO(custBO.getCustomerId());
		forgotPass.insert(forgotPassBO);
		
		if(sendEmail) {
			MailerFacade.forgotMyPasswordEmail(forgotPassBO, custBO);
		}			
		
		return forgotPassBO.getTempPasswordID();
	}
	
	public boolean validateNewPassword(String personaName, String tempPassId) {
		
		IForgotPasswordDAO forgotPassDAO = ForgotPasswordDAOFactory.create();
		
		ForgotPasswordBO forgotPassBO = forgotPassDAO.findById(tempPassId);
		CustomerFacade custF = new CustomerFacade();
		CustomerBO custBO = custF.getCustomerByPersona(personaName);
		
		if(forgotPassBO != null && forgotPassBO.isValid() && custBO.getCustomerId() == forgotPassBO.getCustomerId()) {
			
			//first set the forgot password to be invalid then update the customer. We should use a transaction here
			//but it will be ok if we invalidate the forgot password then fail updating the customer. Since 
			//the customer can repeat. nothing is lost
			
			try (Connection connect = DBConnectionManager.getInstance().getConnection()){
				
				try {
					connect.setAutoCommit(false);
					
					forgotPassBO.setIsValid(false);
					forgotPassDAO.update(connect, forgotPassBO);
					custBO.setPassword(forgotPassBO.getNewPassword());
					ICustomerDAO custDAO = CustomerDAOFactory.create();
					custDAO.update(connect, custBO);
					connect.commit();
					
				} catch (Exception e) {
					connect.rollback();
					throw e;	//we just want to roll back and let the other handler deal with the exceptions
				}
			} catch (SQLException e) {
				throw new ApplicationException(e, ReturnCodes.UNKNOWN_ERROR, "failed to create DB connection update temp password with " + forgotPassBO.getCustomerId() + " , " + forgotPassBO.getNewPassword());
			}
			
			return true;
		} else {
			return false;
		}
		
	}
}
